CVE-2010-3962

Опубликовано: 05 нояб. 2010

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Высокий

Описание

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

Ссылки

http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
Vendor Advisory
http://secunia.com/advisories/42091
Broken Link
Vendor Advisory
http://www.exploit-db.com/exploits/15418
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/15421
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/899748
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Patch
Vendor Advisory
http://www.securityfocus.com/bid/44536
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1024676
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
Not Applicable
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2010/2880
Broken Link
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
Tool Signature
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
Vendor Advisory
http://secunia.com/advisories/42091
Broken Link
Vendor Advisory
http://www.exploit-db.com/exploits/15418
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/15421
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/899748
Third Party Advisory
US Government Resource
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.8703

Высокий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-cmh7-cfjq-p92g

CVSS3: 8.1

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.8703

Высокий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-416